From: Charles Lindsey (chl@clw.cs.man.ac.uk)
Date: Mon Mar 04 2002 - 07:36:31 CST
In <yl3cziwvpi.fsf@windlord.stanford.edu> Russ Allbery <rra@stanford.edu> writes:
>Charles Lindsey <chl@clw.cs.man.ac.uk> writes:
>> He suggests to promote that SHOULD to MUST. Personally, I see no reason
>> why the server admin should not have discretion here, so I just pass on
>> the suggestion for your consideration.
>Can we say that when we have no defined signing protocol?
Well we have agreed to defer the details of signing protocols to a future
security standard. But we also agreed to commend digital signed headers
(mentioning PGPVERIFY by way of example) in anticipation of that future
work. So, yes, we can (and do) say things like that.
>Also, it's often useful to have copies of those messages available for
>both debugging (if you *should* have been able to cancel the message but
>the check failed) and for abuse tracking. That's the main reason why I
>can see for keeping them around rather than discarding them.
Exactly, which is why it should be a SHOULD. No interoperability issues
arise, since the effect is only seen within the one server and by clients
that rely on it.
-- Charles H. Lindsey ---------At Home, doing my own thing------------------------ Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K. PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5